General
Target: ad8002611215626545165451654564aa56416545ff4516141c65a416545156456f4562156a4564f56456456454564g56456456a5564561161_INFORMACION_COMPLETA.vbs
Size: 576KB
Sample: 220925-hb38raehcn
MD5: e2f04b8da83bf53ed8afa1d057821822
SHA1: 3f2dba10661292f76a47db1baf852bf710445221
SHA256: 37121b0a0c209175ab653f49ef9389f548ee8ad05e82e01c83c0bf6ec0172880
SHA512: a10d0ec0ed2d7218b006bb1b00aa388d39986e516989736321ef2162da524b6dff8e5486b3211b3d6301df7e215a7f65c8e090c373f2f8012878b29b7adf7f92
SSDEEP: 96:vHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHh:cKjB8Is42ohYEriG
Static task: static1
Behavioral task: behavioral1
Sample: ad8002611215626545165451654564aa56416545ff4516141c65a416545156456f4562156a4564f56456456454564g564564.vbs
Resource: win7-20220812-en
Malware Config
Extracted: https://contadoreshbc.com/dll_startup
Targets
Target: ad8002611215626545165451654564aa56416545ff4516141c65a416545156456f4562156a4564f56456456454564g56456456a5564561161_INFORMACION_COMPLETA.vbs
- Async RAT payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Suspicious use of SetThreadContext